FreeMilk – Scam of the Week

October 13, 2017 8:27 am Paul Mullin

As you’ll no doubt have seen in our previous blogs, the sophistication of phishing scams is ever on the increase and arguably no more so than in the case of this week’s ‘Scam of the Week.’

Organisations across the globe have already fallen victim to these highly targeted phishing campaigns, which work by intercepting ongoing email threads, customising the messages within them and using them to spread malware.

The highly customised phishing messages are designed to look as if they come from the person the victim was originally messaging. The victim is hooked because they believe they are still in contact with that person. In reality, they are just another victim of a highly sophisticated cyber-attack and may have unknowingly infected their entire network via a malicious attachment.

These attacks, known as ‘FreeMilk’, have already breached several high-profile networks, including a Middle Eastern bank, European intellectual services firms, and an international sporting organisation.

The attack leverages CVE-2017-0199, a remote code execution vulnerability in the way Microsoft Office and WordPad parse specially crafted files.

The exploit allows attackers to take full control of an infected system – likely through credential theft – then intercept conversations with specific targets using carefully crafted content designed to trick the victim into installing malware from what they believe to be a trusted source.

Whilst researchers say that ‘FreeMilk’ is limited in the number of attacks carried out, they note that it has a wide range of targets in different regions across the globe.